diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c583649b..4d6ee163 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,7 +15,7 @@ jobs: strategy: fail-fast: false matrix: - mysql: ["5.7", "8"] + mysql: ["5.7", "8.0"] distribution: ["debian:buster", "ubuntu:focal", "ubuntu:bionic"] ruby: ["3.3"] include: diff --git a/.gitignore b/.gitignore index 1f082308..e6812fa0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,7 @@ /trilogy /test/test /example/trilogy_query + +# Ignore everything in the tmp directory except for the keep file. +/tmp/**/* +!/tmp/.keep diff --git a/docker-compose.yml b/docker-compose.yml index a15d2221..0e8cae99 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,7 +13,7 @@ services: MYSQL_DATABASE: test MYSQL_HOST: db.local volumes: - - "db-data:/var/lib/mysql" + - "./tmp/mysql-certs:/mysql-certs" - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - ./test/auth_plugins/${MYSQL_VERSION}/auth_test_plugin.so:/usr/lib/mysql/plugin/auth_test_plugin.so app: @@ -22,20 +22,18 @@ services: build: context: . args: + - BUILDKIT_INLINE_CACHE=1 - DISTRIBUTION=${DISTRIBUTION} - RUBY_VERSION=${RUBY_VERSION} cache_from: - ghcr.io/trilogy-libraries/trilogy/ci-app:distro-${DISTRIBUTION_SLUG}-ruby-${RUBY_VERSION}-mysql-${MYSQL_VERSION} environment: MYSQL_HOST: db.local - TRILOGY_TEST_CERTS: "/db-data" + TRILOGY_TEST_CERTS: "/mysql-certs" depends_on: - db links: - "db:db.local" - "db:wildcard.db.local" volumes: - - "db-data:/db-data" - -volumes: - db-data: + - "./tmp/mysql-certs:/mysql-certs" diff --git a/docker-entrypoint-initdb.d/generate_keys.sh b/docker-entrypoint-initdb.d/generate_keys.sh index b57f417d..7169674c 100755 --- a/docker-entrypoint-initdb.d/generate_keys.sh +++ b/docker-entrypoint-initdb.d/generate_keys.sh @@ -1,4 +1,6 @@ -#!/bin/bash +#!/usr/bin/env bash + +set -euo pipefail cd /var/lib/mysql @@ -51,3 +53,8 @@ openssl x509 -req -sha256 -CA ca.pem -CAkey ca-key.pem -set_serial 2 \ -days 365 \ -in client-csr.pem \ -out client-cert.pem + +# Copy the certificates to the shared directory so that it's accessible from the app +# container. + +cp /var/lib/mysql/*.pem /mysql-certs diff --git a/script/cibuild b/script/cibuild index b56598c6..b5555097 100755 --- a/script/cibuild +++ b/script/cibuild @@ -35,7 +35,7 @@ output_fold() { function cleanup() { echo echo "::group::Shutting down services..." - docker compose down -v + docker compose down --volumes echo "::endgroup::" } @@ -43,14 +43,21 @@ trap cleanup EXIT export CI_MODE=true -if [ -z "$MYSQL_VERSION" ]; then export MYSQL_VERSION=8 ; fi +if [ -z "$MYSQL_VERSION" ]; then export MYSQL_VERSION=8.0 ; fi if [ -z "$DISTRIBUTION" ]; then export DISTRIBUTION=debian:buster ; fi if [ -z "$RUBY_VERSION" ]; then export RUBY_VERSION=3.2 ; fi DISTRIBUTION_SLUG="$(echo "$DISTRIBUTION" | awk '{ gsub(":", "_") ; print $0 }')" export DISTRIBUTION_SLUG -docker compose rm -s -f -v +# Prepare the shared directory where the certificates will be stored. We need to create +# and chmod this directory on the host so that the permissions are persisted when the +# the directory is mounted in the containers. Since the mysql container runs as a non-root +# user, we need to ensure that the directory is writable by all users. +mkdir tmp/mysql-certs +chmod 777 tmp/mysql-certs + +docker compose rm --stop --force --volumes output_fold "Pull cache image..." docker compose pull app || true output_fold "Bootstrapping container..." docker compose build output_fold "Running tests..." docker compose run --rm app diff --git a/test/auth_plugins/8/auth_test_plugin.so b/test/auth_plugins/8.0/auth_test_plugin.so similarity index 100% rename from test/auth_plugins/8/auth_test_plugin.so rename to test/auth_plugins/8.0/auth_test_plugin.so diff --git a/tmp/.keep b/tmp/.keep new file mode 100644 index 00000000..e69de29b